PERFORCE change 100974 for review

Robert Watson rwatson at FreeBSD.org
Sat Jul 8 10:26:55 UTC 2006


http://perforce.freebsd.org/chv.cgi?CH=100974

Change 100974 by rwatson at rwatson_zoo on 2006/07/08 10:26:20

	Notes on mac2 branch.

Affected files ...

.. //depot/projects/trustedbsd/mac2/mac2_notes.txt#2 edit

Differences ...

==== //depot/projects/trustedbsd/mac2/mac2_notes.txt#2 (text+ko) ====

@@ -1,1 +1,58 @@
 Notes file for prototype changes made in the MAC2 branch.
+
+- Renaming of pretty much all entry points.  Adopt a new naming scheme
+  based on:
+
+	mpo_<object/subsystem>_<method>()
+	mpo_<object/subsystem>_check_<method>()
+
+  Likewise for mac_*.  This appears to shorten quite a few names
+  (removing '_from_', etc), and make things much more legible and
+  consistent.
+
+- Add a new subsystem class netinet to hold netinet-related methods.
+
+- Resort entry points in mac_framework.h, mac_policy.h by object rather
+  than method.  This significantly improves readability.
+
+- Split mac.h into mac.h and mac_framework.h, breaking out user and kernel
+  APIs into separate kernel include files.
+
+Planned changes:
+
+- Accessor methods for slot data based on functions, in order to avoid
+  encoding the ABI of the slot/label mechanism into modules.  Proposed
+  methods:
+
+	mac_<object>_getlabel(mpc, object, &valuep);
+	mac_<object>_setlabel(mpc, object,  value);
+
+  These will get and set the slot field, which will be of type uintptr_t.
+  Locking will be unchanged.  Policies will likely wrap these in their
+  own macro or inline to pass mpc implicitly in common use.
+
+- Remove label arguments from policy entry points where an accessor method
+  can be used.
+
+Already performed and merged changes:
+
+- Adopt SEDarwin MAC Framework change to provide mpo_foo_t prototypes for
+  mac_policy_ops entries.  This has several advantages:
+
+	Provide a more clear style and structure for inline documentation.
+
+	Allow internal prototyping in policies so they can be broken into
+	multiple C files more easily.
+
+Future directions:
+
+- Break policy modules into multiple files by object/subsystem class,
+  with policy_internal.h using new mpo prototypes.
+
+- Explore and possibly adopt SEDarwin MAC Framework changes to allow
+  specific label registration for policy modules for FreeBSD.
+
+- Explore and possibly adopt fine-grained label registration so that slots
+  are only used for objects requested by the policy.  I.e., policies can
+  request only a cred label slot, etc.  This could then be used to key
+  memory allocation overhead on more objects.
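Review bot: the "Planned changes" item proposes "mac_<object>_getlabel(mpc, object, &valuep);" and "mac_<object>_setlabel(mpc, object,  value);" without saying what they return, or what happens when the calling policy has no slot for that object class. That case becomes reachable once the "Future directions" item on fine-grained label registration lets a policy request only a cred label slot, so the notes should state the return type and the behavior for an unregistered slot. The argument name "&valuep" also reads as the address of a pointer, while the text says the slot field is a uintptr_t; "&value" would match the setter and the stated type. "Locking will be unchanged" would be more useful if it named which lock the caller is expected to hold around the accessors. Minor: "Resort entry points" reads more clearly as "Re-sort".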

